djm [Mon, 24 Nov 2003 02:07:45 +0000 (02:07 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/23 23:17:34
[ssh-keyscan.c]
from portable - use sysconf to detect fd limit; ok markus@
(tidy diff by adding SSH_SSFDMAX macro to defines.h)
dtucker [Sat, 22 Nov 2003 03:25:15 +0000 (03:25 +0000)]
- (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net.
Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA
is enabled, rely on SIA to check for locked accounts if enabled. ok djm@
dtucker [Sat, 22 Nov 2003 03:16:56 +0000 (03:16 +0000)]
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
djm [Tue, 18 Nov 2003 11:01:48 +0000 (11:01 +0000)]
- djm@cvs.openbsd.org 2003/11/18 10:53:07
[monitor.c]
unbreak fake authloop for non-existent users (my screwup). Spotted and
tested by dtucker@; ok markus@
dtucker [Tue, 18 Nov 2003 01:42:07 +0000 (01:42 +0000)]
- (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv,
and use it for do_pam_session. Fixes problems like pam_motd not displaying
anything. ok djm@
djm [Mon, 17 Nov 2003 11:18:21 +0000 (11:18 +0000)]
- markus@cvs.openbsd.org 2003/11/17 11:06:07
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c]
[monitor_wrap.h sshconnect2.c ssh-gss.h]
replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson;
test + ok jakob.
djm [Mon, 17 Nov 2003 10:13:40 +0000 (10:13 +0000)]
- djm@cvs.openbsd.org 2003/11/04 08:54:09
[auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c]
[auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c]
[session.c]
standardise arguments to auth methods - they should all take authctxt.
check authctxt->valid rather then pw != NULL; ok markus@
djm [Mon, 17 Nov 2003 10:09:50 +0000 (10:09 +0000)]
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/11/03 09:03:37
[auth-chall.c]
make this a little more idiot-proof; ok markus@
(includes portable-specific changes)
dtucker [Thu, 13 Nov 2003 00:28:49 +0000 (00:28 +0000)]
- (dtucker) [README ssh-host-config ssh-user-config Makefile] (All
contrib/cygwin). Major update from vinschen at redhat.com.
- Makefile provides a `cygwin-postinstall' target to run right after
`make install'.
- Better support for Windows 2003 Server.
- Try to get permissions as correct as possible.
- New command line options to allow full automated host configuration.
- Create configs from skeletons in /etc/defaults/etc.
- Use /bin/bash, allows reading user input with readline support.
- Remove really old configs from /usr/local.
dtucker [Mon, 3 Nov 2003 09:06:14 +0000 (09:06 +0000)]
- avsm@cvs.openbsd.org 2003/10/26 16:57:43
[sshconnect2.c]
rename 'supported' static var in userauth_gssapi() to 'gss_supported'
to avoid shadowing the global version. markus@ ok
dtucker [Mon, 3 Nov 2003 07:59:29 +0000 (07:59 +0000)]
- (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services
are created correctly with CRLF line terminations. Patch from vinschen at
redhat.com.
dtucker [Wed, 15 Oct 2003 06:57:57 +0000 (06:57 +0000)]
- (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c
openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always
compiled in but disabled in config.
dtucker [Wed, 15 Oct 2003 05:58:18 +0000 (05:58 +0000)]
- jmc@cvs.openbsd.org 2003/10/12 13:12:13
[ssh_config.5]
note that EnableSSHKeySign should be in the non-hostspecific section;
remove unnecessary .Pp;
ok markus@
dtucker [Wed, 15 Oct 2003 05:54:32 +0000 (05:54 +0000)]
- markus@cvs.openbsd.org 2003/10/11 08:24:08
[readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
remote x11 clients are now untrusted by default, uses xauth(8) to generate
untrusted cookies; ForwardX11Trusted=yes restores old behaviour.
ok deraadt; feedback and ok djm/fries
dtucker [Wed, 15 Oct 2003 05:50:42 +0000 (05:50 +0000)]
- jmc@cvs.openbsd.org 2003/10/08 08:27:36
[scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8]
scp and sftp: add options list and sort options. options list requested
by deraadt@
sshd: use same format as ssh
ssh: remove wrong option from list
sftp-server: Subsystem is documented in ssh_config(5), not sshd(8)
ok deraadt@ markus@
dtucker [Tue, 7 Oct 2003 07:49:56 +0000 (07:49 +0000)]
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c]
Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@
dtucker [Thu, 2 Oct 2003 06:19:47 +0000 (06:19 +0000)]
- jmc@cvs.openbsd.org 2003/09/29 11:40:51
[ssh.1]
- add list of options to -o and .Xr ssh_config(5)
- some other cleanup
requested by deraadt@;
ok deraadt@ markus@
- (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove
DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from
michael_steffens at hp.com, ok djm@